What is ODCE investigating with INM and Leslie Buckley?
Watchdog wants to know who authorised access to the publisher’s internal IT systems
Leslie Buckley says Mizak recommended the appointment of a “specialist IT company” for the “cost reduction exercise”. Photograph: Dara Mac Dónaill
The standoff between the State’s corporate watchdog, the Office of the Director of Corporate Enforcement (ODCE), and INM’s chairman Leslie Buckley – over a legal demand from the ODCE for documents held by Buckley – has its genesis in a bitter boardroom bust-up at the company.
That spiralling row sparked a State investigation of INM during which the ODCE has discovered that cybersecurity experts engaged by Buckley facilitated outside access to the company’s IT system.
The crux of the case is that the ODCE wants to know who authorised this access to the newspaper publisher’s internal IT systems; why was it granted and was it for the benefit of the company; and who ultimately paid the bill.
The row that sparked the whole affair first began early in 2016 when Buckley and INM’s then-chief executive, Robert Pitt, fell out over a proposal for the company to buy Newstalk.
The radio station is owned by Buckley’s friend and close associate, Denis O’Brien, who is also INM’s biggest shareholder with almost 30 per cent. Buckley is O’Brien’s representative on INM’s board.
In effect, O’Brien had a stake on both sides of the proposed Newstalk deal. INM’s chief executive refused to meet the asking price sought by O’Brien for the radio station, leading to the fallout between Pitt and Buckley.
The row led Pitt to make a whistleblower complaint about Buckley to the ODCE, which commenced an investigation into the company’s corporate governance under company law.
Potential data breach
In the course of this investigation, the ODCE uncovered details of a “potential data breach” at INM, broadening its inquiries beyond Newstalk’s price tag row.
The watchdog has wide-ranging powers to demand files from directors, and it has zeroed in on Buckley’s knowledge of the outside access to INM’s IT systems.
The ODCE quickly established that Trusted Data Solutions, a UK technology company, gained access to INM’s internal systems. On August 11th, the watchdog asked Buckley what he knew about it, why it happened, and who paid for it.
Buckley, who is not involved in the day-to-day running of INM, explained to the ODCE that there was a “cost reduction exercise” at the company and he sought “technical advice” for this exercise from Derek Mizak, a cybersecurity expert.
Buckley says he was introduced to Mizak by John Henry, a former army officer who has provided security services for O’Brien’s companies and Buckley in Haiti. Both Mizak and Henry are linked to Reconnaissance Group, which provides counterintelligence services, such as sweeping boardrooms for listening bugs.
Buckley says Mizak recommended the appointment of a “specialist IT company” for the “cost-reduction exercise” he says INM was engaged in. It seems this outside contractor was TDS, which specialises in the restoration and conversion of databases.
In its August 11th letter, the ODCE directly asked Buckley “who granted TDS access to [INM’S] IT systems... and how INM Plc benefited from the services”.
It asked Buckley who settled the TDS invoice, and it also asked him to identify “any other persons likely to be in a position to assist” the watchdog.
Five days later, Buckley responded to the ODCE explaining his position. In October, the ODCE then made a statutory demand to Buckley under company law, compelling him to provide it with documents.
By this stage, Buckley was being advised on the matter by his own personal lawyers, and not INM’s company lawyers. INM says it has “co-operated fully” with the watchdog and has already told it everything that it knows.
In mid-November, Buckley responded to the statutory demand by producing 250 records from a review of 40,000 separate documents “going back two years”. This suggests the outside access to INM’s IT systems happened in 2015.
Of the 250 documents, Buckley claimed legal privilege over 11 of them, including 10 emails between him, his lawyers and Mizak. They were supplied to the ODCE in a sealed package that has yet to be opened by the watchdog.
The ODCE followed its procedures by locking the package in a sealed cabinet in its Dublin headquarters, and on November 23rd it went to the High Court to ask it to adjudicate on whether Buckley’s claim of privilege was valid.
The case is due back before the High Court on January 22nd. It is expected that Justice Peter Kelly, the president of the High Court, will at some point open the sealed package and assess for himself whether or not the claim of legal privilege made by Buckley is valid.
INM refused to comment on detailed queries from The Irish Times,which included whether its management had the authorised access to its IT systems and whether executives knew anything about the “cost reduction exercise”.
Mr Buckley made no response to queries on the matter from this newspaper.